All apps · 0 apps
cryptomator-webdav
Docker app from beastieg's Repository
Overview
Cryptomator WebDAV allows you to serve a locally stored Cryptomator vault over a secure WebDAV (https) connection, allowing access to decrypted files through third party WebDav tools such as rclone, Mountain Duck, CyberDuck etc.
Setting the Cryptomator Vault Password:
The password for the vault can either be set directly through the Cryptomator Vault Password variable, or can be stored in a local file and shared through the Cryptomator Vault Password File setting.
Only one is needed.
Note: Unraid only shows directories in its drop down by default, manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/vault.pass'
Optional Signed Certificate:
An optional signed certificate can be passed to the container, e.g. from LetsEncrypt.
Set the "Optional: Signed Certificate" variable to the full path of your certificate file, containing both your cert and the key in one .pem file.
Note: Unraid only shows directories in its drop down by default, manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/mycert.pem'
File Permissions:
Cryptomator-webdav runs as UID:99, GID:100 by default. This can be changed through the CRYPTOMATOR_UID and CRYPTOMATOR_GID variables.
Ensure vault files are read and writable by the IDs you set.
Ensure any vault password file provided is readable by these IDs.
More Secure File Permissions:
Most Unraid Community Applications containers run as UID:99, GID:100
In theory this would mean a rouge container could have read access to your encrypted files if the vault was shared with it.
To ensure a slightly more secure installation, it is recommended the container application is run as a separate Unraid user id, and vault files are only accessible by this user.
For example:
- Set CRYPTOMATOR_UID to your Unraid user id, e.g. 1000
- Ensure all vault files are only readable and writable by this user:
- chown -R 1000: /path/to/cryptomator/vault
- chmod -R u+rwX,g-rwx,o-rwx /path/to/cryptomator/vault
See the Cryptomator WebDAV github project for more details at https://github.com/greycubesgav/cryptomator-webdav
More details about Cryptomator can be found at https://cryptomator.org
Install cryptomator-webdav on Unraid in a few clicks.
Find cryptomator-webdav in Community Apps on your Unraid server, review the template, and click Install. Unraid handles the Docker app or plugin setup from the published template.
Requirements
The native Cryptomator application (https://cryptomator.org/downloads/) should be used to create a new vault.
Then copy the entire vault directory and all sub-directories and files over to Unraid.
The decrypted vault files can then be edited through greycubesgav/cryptomator-webdav.
Download Statistics
Related apps
Explore more like this
Explore allDetails
greycubesgav/cryptomator-webdavRuntime arguments
- Web UI
https://[IP]:[PORT:8443]/vault/- Network
bridge- Shell
sh- Privileged
- false
Template configuration
Port the Cryptomator WebDAV share will be available at.
- Target
- 8443
- Default
- 18081
The location of the local Cryptomator vault files.
- Target
- /vault
- Default
- /mnt/cryptomator_vault
The Cryptomator password for the vault. Note: is visible in docker env. Use password file for more secure option.
- Target
- CRYPTOMATOR_VAULT_PASS
- Default
- strongpass
Optionally set the location of a local file containing the Cryptomator vault password.
- Target
- /vault.pass
- Default
- /mnt/user/appdata/cryptomator-webdav/vault.pass
Optional: A fully signed cert with key embeded to be used by stunnel. e.g. /mnt/user/appdata/cryptomator-webdav/mycert.pem
- Target
- /etc/stunnel/stunnel.pem
User ID to run cryptomator-cli as
- Target
- CRYPTOMATOR_UID
- Default
- 99
Group ID to run cryptomator-cli as
- Target
- CRYPTOMATOR_GID
- Default
- 100
Umask run cryptomator-cli as. Helps protect any new files created from loose permissions.
- Target
- CRYPTOMATOR_UMASK
- Default
- 0077